Heathrow Biometric Trial Scores Big

Open and interoperable systems, combined with new standards for biometric encryption, have reached a point in their development where network-centric solutions promise to make passenger identity authentication less of a hassle for travelers, yet more foolproof for security.

BAA Ltd., the company that owns and manages London’s Heathrow Airport, working alongside the U.K. Border & Immigration Agency (BIA), Cathay Pacific Airways and Emirates Airlines, recently completed a sixteen-week trial of an encrypted, networked biometric system, called miSense, that automates passenger identity and authentication from initial check-in at departure to baggage claim at the destination.

The primary objective of the trial was to see how well biometrics could streamline authentication while improving customer service, and to gauge if the public would be receptive to using biometric technology, particularly in Europe, where past consumer studies have shown a greater sensitivity to privacy. Three miSense services were studied: miSense, miSense Plus and miSense All Clear.

“We wanted to remove stovepipes and improve the experience of the traveler while increasing the security of the whole process,” says Cyrelle Bataller, biometric specialist in Accenture’s Technology Labs. “The idea is to identify yourself to the government, the airlines, the airport only once.That allows decisions to be taken at a single point. MiSense is part of that.” “The technology is pretty sophisticated, but it is coming together,” says Stephen Challis, head of product development for BAA. “The goal was to first see if we could capture people’s biometric characteristics, and test the fast recovery of those characteristics.We wanted to see how quickly a fingerprint input could be matched against the data in the system.”

How It Works

miSense is designed as a voluntary system travelers can use to speed identity checks. For the trial, self-service check-in kiosks were installed where passengers could scan their fingerprint and the photographic page of their passport. The fingerprint was linked to the passport information and stored in the miSense database for later reference. If the passenger was checking baggage, their bag tag

The objective of the trial was to see how well biometrics could streamline authentication while improving customer service numbers could be integrated with the ID information.

At the entrance to security screening, miSense passengers used a self-service gate equipped with a fingerprint scanner and boarding pass scanner. Travelers first scanned their fingerprint and if receiving a positive response from the miSense database, were then prompted to insert their boarding card into the scanner.The data contained on the magnetic strip was then compared against an existing airport database to check against a number of parameters.

If both scans were positive and matched (that is, the traveler had enrolled at check-in and the boarding pass was valid) the gate opened and the traveler proceeded to security screening.

The gate featured anti-tailgate sensors; a customer service representative was also on hand to assist if required.

Finally, immediately before aircraft boarding, airline staffers scanned the fingerprint of miSense travelers with a wireless handheld device. Once the data was reconciled against the miSense database, the terminal signaled an OK to board. If the traveler had tried to use the fingerprint scanner to board without enrolling at check-in, or did not use the self-service gate at security screening, the miSense system would send a “no board” message to the scanning device.

All passport information and fingerprint biometric data collected was deleted at the end of the operational day.

miSense Plus

In miSense Plus, travelers agreed to submit passport biographic data and thirteen biometrics—irises, ten fingerprints and one facial image. The traveler also agreed to undergo a comprehensive background check. The checks themselves were conducted in real time against several law enforcement databases.

Following examination by an immigration officer and on completion of the background check, biometric and identity data was encrypted on an RFID chip on a miSense Plus card issued to the trial participant.

The average time to fully enroll a traveler was seven minutes and in some cases as little as three minutes, according to BAA’s report on the study. The study’s goal of 1,000 travelers was achieved with 1,007 people signing up.

The trial was the first to use international encryption standards adopted by the International Civil Aviation Organization (ICAO). These same biometric encryption standards will be incorporated into second-generation ePassports.The miSense Plus trial was a first look at the potential benefits the standard may bring both in terms of data storage and traveler experience.

The miSense Plus card also let travelers bypass long lines upon return to the U.K. For the trial, BAA installed a selfservice gate equipped with a fingerprint scanner and a miSense Plus card scanner at immigration and passport control in Terminal 3 at Heathrow. In Hong Kong, airport authorities installed a similar gate.

“The card let you bypass immigration,” said a spokeswoman for nCipher Corp., Cambridge,U.K., which, as a subcontractor, provided encryption technology to the trial. nCipher’s Hardware Security Modules were deployed in the miSense system to generate and protect the unique cryptographic keys that were used to identify and validate each traveller based on their biometric information. “The card would speed you through security with a special lane.An automatic gate scans your fingerprint and passport and matches them.”

If both records matched, the gate opened and the traveler proceeded to baggage claim.

The biometric dimension provides a further security parameter, Challis says. For instance, passport inspectors must often deal with travelers who may have grown beards, wear glasses or changed hairstyles. They must make a fast decision as to whether the picture in the passport matches the person presenting it.

“MiSense Plus assures the name, the passport and fingerprint always belong to the same person,” says Challis.

Once a member of miSense Plus, travelers were then able to use the gate at the entrance to security screening during subsequent departures and to use self-service border clearance gates as many times as their journey arrangements permitted.

miSense All Clear

In the third element of the trial, biographic data from a traveler’s passport and travel itinerary were captured in real time during check-in and transmitted to and processed by the BIA for background checks prior to departure.

The intention was to prove the concept of real-time traveler processing, on a traveler- by-traveler basis, by carrying out predeparture checks. For the trial, so as not to impact airline or airport operations, no responses from the BIA were returned to the airline (although this could have been managed with the configuration in place).

A total of 3,097 traveler records were transferred to the BIA background checking system between February 2007 and March 2007. According to BIA, 85 percent were processed in fewer than 10 seconds and 96 percent were processed in fewer than 30 seconds.

Consumer Acceptance

As for consumers, BAA also found that 81 percent of respondents in a post-trial survey found the miSense Plus service good or excellent.

“We knew if we could produce a clear benefit, people would be happy to sign up,” Challis says.

Challis says there is no timetable as to when any of the miSense services will be implemented on a widespread basis. BAA, which owns six other major U.K. airports as well as Naples (Italy) International Airport, is involved in several other IT-based security initiatives, he said.